Working inside perimeter defenses — where the greatest damage from breaches occurs — the system provides your last line of defense against staging, reconnaissance, propagation, data acquisition, exfiltration, insider threats, and much more.

Security Automation

Respond in Minutes

NetTrust automates and accelerates SOC response by helping security analysts quickly identify, triage and contain compromised systems. Where analysts otherwise need to review tens of thousands of individual events in the wild to figure out what’s happening, NetTrust automatically profiles, correlates and analyzes risky behavior in real time to join the dots for you.

Evidence-Based Risk Index

NetTrust lets your team pivot on systems rather than discrete events, with a Risk Index and Forensic Confidence Score (FCS) showing at a glance which ones are at the greatest risk of breach. Pattern analysis reveals systems exhibiting a common “threat DNA,” classifies threat categories and focuses containment efforts based on evidence, not inference.
Evidence drill-down from profile to packets provides the detail needed to expedite decision making, reduce dwell time, accelerate containment and reduce the risk of lost or stolen data.

Detect Hidden Behaviors

As malware executes inside your network, it conceals itself by hiding inside benign protocols. Traditional anomaly detection generally fails to identify such events, making it easy for hackers to hide in plain sight. Malicious actors can easily subvert your network by using ubiquitous protocols like DNS, NTP or Ping to download zero-day binaries, initiate command and control communications and ultimately exfiltrate data.

Find Obfuscated Callbacks & Data Exchange

NetTrust uses an open detection grammar to identify these otherwise hidden network behaviors at application runtime, allowing it to find malicious content (for example, binaries hiding inside documents or image files) without the use of signatures or sandboxes. The NetTrust detection engine provides unique Callback and Obfuscation Data Exchange (CODE) capabilities to assess signaling integrity and hidden data transfer between systems for command and control beacons (dial-homes), attack preparation and data exfiltration.

AWARE Analytics Platform

Underlying all TaaSera products is the patented AWARE analytics platform (Attack Warning and Response Engine). AWARE automatically maps behavior events to discrete stages in the life cycle of advanced threats, and then generates Profiles containing multiple related events correlated during observation. Analysts may drill down on Profiles to view and diagnose events relevant to each stage of an ongoing malware infection.

NetTrust Profiles amplify the signal and reduce noise so that analysts need review only the events relevant to an attack. With an extremely low rate of false positives, NetTrust empowers security analysts to focus on what matters most as they investigate, triage and contain compromised systems at risk of data breach.

Threat DNA Pattern Analysis

Coordinated attacks follow a sequence of behaviors that is virtually impossible to track without extensive, after-the-fact forensic analysis. By classifying the pattern of events in real time, NetTrust maps the specific "threat DNA" of an ongoing breach attempt.

Shared Behavior Intelligence

One of the greatest challenges during the incident response process is the uncertainty of knowing whether you've contained the problem, or if other systems remain compromised but undetected.

The AWARE analytics platform instantly compares observed behavioral patterns found inside your environment with others shared anonymously across the global community of NetTrust users. Best of all, when NetTrust identifies a system at risk of breach, pattern identification speeds containment and response by automatically finding any other systems showing the same pattern of attack behavior. NetTrust automatically correlates and analyzes these data in real time to join the dots for you.

Contextual Evidence

Risk Index and Forensic Confidence Score

Contextual evidence is key for investigation or incident response, but gathering it can be a time-consuming, hit-or-miss process. NetTrust automates the analysis of contextual evidence by correlating hidden risky behaviors against a multitude of data sources, including external IP reputation, vulnerabilities, risky DNS behavior, threat patterns and other risk indicators.

NetTrust automatically analyzes these data in real time to produce a Risk Index and Forensic Confidence Score (FCS) from the total accumulated evidence. The Risk Index makes it simple to triage systems that require immediate containment and response. From behavior profiles, you can drill down to examine network capture files in PCAP format related to the observed patterns of behavioral evidence.

Security Ecosystem

Evidence-Based Risk Attribution

When NetTrust finds exploit behaviors across the network, it correlates them against results from vulnerability scanning tools for additional risk attribution and contextual evidence. Prioritization of patch management becomes much more obvious when you discover vulnerabilities actively under exploit.

Turn Your SIEM into a Breach Detection Engine

Analytics and Profile data from NetTrust may be exported to any CEF-compatible log server for integration into your Security Information and Event Management (SIEM) or Splunk platforms, both providing a single pane of glass and turning your big data log management into a Breach Detection Engine.

Editions

NetTrust editions use one or more passive host sensors to analyze live network traffic fed via the SPAN port of a 1G or 10G network interface, on a layer 2/3 switch, firewall or virtual switch port mirror. Sensors are deployed inside the firewall and DMZ so they have visibility into traffic inside your network, and run as a virtual appliance on a dedicated server, or as an OVF that can be deployed on existing virtual infrastructure.